Successful attackers often inject some JavaScript into all pages found on the server and this code perhaps checks your user agent. So you might locate it even by simply looking at the source code in your web browser. There could also be some server side code involved, which serves mobile browsers with special (additional) code. Especially if you have separate pages for mobile browsers, this might cause the different effect. Check the code served to mobile browsers by spoofing the user agent of a mobile browser in your desktop browser. In Firefox you could set the value of general.useragent.override to

in about:config to spoof an Android browser. Disable JavaScript in Firefox to prevent execution of the suspected script. If there is still no suspicious JavaScript code in the source, the redirect is likely caused by some server side run code or configuration. In this case, check for .htaccess files (if you are using Apache) and for executable scripts like *.php. If you are using server side scripts yourself, check their integrity.

In either case you need to find out, how your site was compromised. Often this is done by exploiting known vulnerabilites in common web applications (eg. forums, CMS, ...). Make sure, you are have patched all known vulnerabilities by installing a sufficiently recent version. Passwords stolen from a compromised user's desktop system are also a common problem. You also must make sure, that you reliably revert your site to a known good state. There might be more changes that those, you already know. Restoring from a clean backup is the best solution, if you cannot confirm the integrity of all of you files on the server.

As Gurken said, try to find out if there is any malicious JS being injected into the page. Are you using any ads on the site? If so, the ad provider might be serving different content for mobile & desktop, and have some problem content in the mobile ads served.